On Tue, 8 Sep 2009, Allen Kistler wrote:
In case other 6to4 clients can't figure out why fp.o is beyond
reach over IPv6, here's some fixing I did to make access to fp.o over
6to4 work for me.
I hadn't had a problem with hanging connections to other IPv6 sites, but
I have for fp.o. I heard from Mike M on IRC that others had reduced
their MTU to get 6to4 to work with fp.o.
Starting there, my eventual solution was to put the following in the
mangle table in ip6tables on my 6to4 router (all one line, of course):
-A FORWARD -o tun6to4 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
6to4 has an MTU of 1480 for most people, but 1472 for DSL. Probably
something isn't generating an ICMP packet-too-big to send back to fp.o
when the link MTU drops. Alternatively the packet could be getting
dropped in transit or ignored by fp.o. Of course, clamping MSS in
ip6tables only works for TCP.
ipv6 has caused a lot of problems for certain people, very non-obvious,
takes several hours to fix problems. I wonder if there's anything more we
can do on our end.